I am trying to limit a process to be able to list only certain FSx systems. I have a role attached to my EC2 instance that includes a statement as follows.
{
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "fsx:Describe*",
                "fsx:List*",
                "fsx:UpdateFileSystem"
            ],
            "Resource": [
                "arn:aws:fsx:us-west-2:75xxxxxxx648:file-system/fs-0e8d9xxxxxxxef3b",
                "arn:aws:fsx:us-west-2:75xxxxxxx648:file-system/fs-07bcxxxxxxxx5e43"
            ]
        }
    ]
}
But when I try to list the filesystems I get errors when using the describe action.
ubuntu@ip-10-129-10-194:~$ aws fsx describe-file-systems --region=us-west-2
An error occurred (AccessDeniedException) when calling the DescribeFileSystems operation: User: arn:aws:sts::75xxxxxxx648:assumed-role/Cloud-Manager-Operator-399y9hM/i-00d9xxxxxxf16 is not authorized to perform: fsx:DescribeFileSystems on resource: arn:aws:fsx:us-west-2:75xxxxxxx648:file-system/* because no identity-based policy allows the fsx:DescribeFileSystems action
Even if I specify one of the FSxN file systems I have listed in the role I get an error:
ubuntu@ip-10-129-10-194:~$ aws fsx describe-file-systems --region=us-west-2 --file-system-ids fs-07bxxxxxx5e43
An error occurred (AccessDeniedException) when calling the DescribeFileSystems operation: User: arn:aws:sts::75xxxxxxx648:assumed-role/Cloud-Manager-Operator-399y9hM/i-00d9bxxxxxff16 is not authorized to perform: fsx:DescribeFileSystems on resource: arn:aws:fsx:us-west-2:75xxxxxxx648:file-system/* because no identity-based policy allows the fsx:DescribeFileSystems action
Does anyone know of a way I can get AWS to silently ignore the filesystems I don't have access to?
Limiting describe functions to particular FSx systems is not supported. Note the following page: https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonfsx.html
And if you look at the DescribeFileSystems column, there is no value in the Resource types column.
Note that it is supported to limit Updates/Deletes to a particular FSx system.
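The mistake in the question's policy is easy to make and IAM does not reject it at policy creation time: an action that has no resource types simply never matches a statement whose Resource is a list of ARNs, so the Allow is silently ineffective. The following is an added example, not code from the question or the answer, that lints a policy document for exactly this pattern and rewrites it into the shape the answer implies: Describe on "*", UpdateFileSystem still scoped to the named file systems. The action table is a small excerpt of the Service Authorization Reference page linked above (DescribeFileSystems with no resource type, UpdateFileSystem and DeleteFileSystem with file-system), the account id and file-system ids are constructed placeholders, and the function names are my own.

```python
import copy
import fnmatch
import json

# Excerpt of the FSx action table from the Service Authorization Reference.
# Value: resource types the action accepts for resource-level permissions;
# an empty tuple means the action is only granted with "Resource": "*".
# Other FSx actions are left out (unknown to this linter) rather than guessed.
FSX_RESOURCE_TYPES = {
    "fsx:DescribeFileSystems": (),
    "fsx:UpdateFileSystem": ("file-system",),
    "fsx:DeleteFileSystem": ("file-system",),
}

# The question's policy with constructed placeholder account and file-system ids.
QUESTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": ["fsx:Describe*", "fsx:List*", "fsx:UpdateFileSystem"],
            "Resource": [
                "arn:aws:fsx:us-west-2:111122223333:file-system/fs-0000000000000000a",
                "arn:aws:fsx:us-west-2:111122223333:file-system/fs-0000000000000000b",
            ],
        }
    ],
}


def _as_list(value):
    """IAM allows a string or a list for Action and Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _needs_wildcard_resource(pattern: str) -> bool:
    """True if the action pattern (possibly with '*') matches at least one
    known action that has no resource types and so cannot be scoped to an ARN."""
    return any(
        fnmatch.fnmatchcase(action, pattern) and not types
        for action, types in FSX_RESOURCE_TYPES.items()
    )


def lint_policy(policy: dict) -> list:
    """Return 'Sid: action-pattern' findings for Allow statements that scope a
    non-resource-level action to specific ARNs (the grant never matches)."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _as_list(stmt.get("Resource", [])):
            continue  # wildcard resource: every action can match
        for pattern in _as_list(stmt.get("Action", [])):
            if _needs_wildcard_resource(pattern):
                findings.append(f"{stmt.get('Sid', '<no Sid>')}: {pattern}")
    return findings


def fix_policy(policy: dict) -> dict:
    """Return a copy where offending action patterns are moved into their own
    Allow statement with Resource "*"; resource-scoped actions keep their ARNs."""
    fixed = copy.deepcopy(policy)
    statements = []
    for stmt in _as_list(fixed.get("Statement", [])):
        resources = _as_list(stmt.get("Resource", []))
        if stmt.get("Effect") != "Allow" or "*" in resources:
            statements.append(stmt)
            continue
        actions = _as_list(stmt.get("Action", []))
        moved = [a for a in actions if _needs_wildcard_resource(a)]
        kept = [a for a in actions if a not in moved]
        if kept:
            statements.append({**stmt, "Action": kept})
        if moved:
            statements.append({
                "Sid": f"{stmt.get('Sid', 'Stmt')}NoResourceLevel",
                "Effect": "Allow",
                "Action": moved,
                "Resource": "*",
            })
    fixed["Statement"] = statements
    return fixed


if __name__ == "__main__":
    for finding in lint_policy(QUESTION_POLICY):
        print("finding:", finding)
    print(json.dumps(fix_policy(QUESTION_POLICY), indent=2))
```

Run against the question's policy the linter reports `VisualEditor0: fsx:Describe*`, and the rewritten document has two statements: the original Sid with `fsx:List*` and `fsx:UpdateFileSystem` still bound to the two file-system ARNs, and a second statement granting `fsx:Describe*` on `*`. `fsx:List*` is left untouched only because the excerpt table does not cover it; extend FSX_RESOURCE_TYPES from the reference page before relying on the linter for other actions. The rewrite intentionally widens Describe to every file system in the account, which is the only way that action can be allowed at all; the question's goal of hiding individual file systems from DescribeFileSystems has to be done by filtering the response on the client side.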